First, we need to know what rootkits are. A rootkit is a program used to control your Unix terminals, usually with root access (on Windows, usually Administrator access), without any authorization from the server owner.

To secure your Linux server, we can use some software: Zeppoo, Chkrootkit or rkhunter.

Zeppoo Software

Zeppoo detects rootkits on the i386 and x86_64 architectures on Linux using /dev/kmem and /dev/mem. This software is also able to detect hidden tasks, system calls, etc.

This is a simple tutorial on how to set up your PureFTPd daemon to work with the ClamAV scanner. When you upload files to your FTP server, ClamAV will automatically check them. If a file is infected or contains malware, ClamAV will delete it.

Preparing to Install PureFTPd

Log in as root:

# yum install pure-ftpd

Preparing to Install ClamAV

Next, we will install ClamAV. FYI, ClamAV is not available in the official CentOS repositories, but we can enable it with the EPEL repository.

ExecShield is a security patch for the Linux kernel to avoid worms and other problems.

Exec Shield is a project that got started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel that adds an NX bit to x86 CPUs. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.

There are many tools able to check for hidden processes and ports (rootkits/lkms/unhide etc.). In this tutorial I will discuss one that is simpler to use: Unhide.

Unhide is a tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique. This tool works under both Linux / Unix and MS-Windows operating systems.

It detects hidden processes using three techniques:

The proc technique consists of comparing /proc with the output of /bin/ps.

The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.

The brute technique consists of bruteforcing all the process IDs. This technique is only available on Linux 2.6 kernels.

If you want to run some processes such as backups, image thumbnail generation, etc. in the background, there is an easy way to do this: we can use Crontab to handle the task, so it will automatically do the job on your schedule.
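The comparisons described above can be sketched in a few lines. This is an added example, not Unhide's own code: the function names are hypothetical, and probing each PID with signal 0 is an assumed stand-in for the system-call and brute checks.

```python
import os
import subprocess


def pids_from_proc(entries):
    """PIDs visible as numeric directory names under /proc."""
    return {int(name) for name in entries if name.isdigit()}


def pids_from_ps(ps_output):
    """PIDs reported by `ps -e -o pid=` (one PID per line, no header)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def pids_from_syscalls(candidates, probe=os.kill):
    """PIDs the kernel acknowledges when probed with signal 0 (nothing is delivered)."""
    alive = set()
    for pid in candidates:
        try:
            probe(pid, 0)
            alive.add(pid)
        except PermissionError:
            alive.add(pid)   # process exists but belongs to another user
        except ProcessLookupError:
            pass             # no such process
    return alive


def hidden_from_ps(ps_pids, *other_views):
    """PIDs present in any other view of the system but missing from ps."""
    return sorted(set().union(*other_views) - ps_pids)


if __name__ == "__main__":
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                            text=True, check=True).stdout
    ps_pids = pids_from_ps(ps_out)
    proc_pids = pids_from_proc(os.listdir("/proc"))           # proc comparison
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    brute_pids = pids_from_syscalls(range(1, pid_max + 1))    # sys / brute comparison
    # Processes that start between the snapshots show up here too, so
    # re-run and treat only PIDs that persist as worth investigating.
    for pid in hidden_from_ps(ps_pids, proc_pids, brute_pids):
        print(f"PID {pid} is known to the kernel but not listed by ps")
```

A PID that keeps appearing across several runs is the signal to investigate; a single hit is usually a short-lived process caught between snapshots.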

What is Crontab?

Crontab is found in Unix and Unix-like operating systems. The name cron derives from chronos, the Greek word for time, and it is used to schedule commands or execute them periodically.

Today I just updated my cPanel server to the latest version, but the strange thing is that I mistyped my email account password a few times and this was automatically detected as brute force by the cPanel system, which is handled by cphulkd.